The BBC is reporting that there seems to have been a massive data breach of 200 million Yahoo accounts, with the data – which appears to be from 2012 – being offered for sale for 3 bitcoins ($1805 USD).
According to the BBC article, Motherboard tested about two dozen credentials from a sample of 5000 of the 200 million being offered for sale by the hacker, who goes by the name of “Peace” and who has also been tied to massive hacks of LinkedIn and MySpace. It found them to be legitimate, meaning that they were real accounts, and the credentials worked to log into them.
In a statement, Yahoo said that “Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”
However, while the passwords are hashed, Peace has also published the algorithm used to hash them. So, even if you have “created strong passwords,” there’s no guarantee that your data will be protected from this sort of breach.
As security expert Professor Alan Woodward points out in the BBC article, “The algorithm MD5 is considered to be weak, and for the vast majority of passwords it is easy to reverse what it was using what we call a dictionary attack.”
So, if you have a Yahoo account, it’s time to go change your password. Or, to close it.